Push master images to quay (#3199) #99

Workflow file for this run

.github/workflows/image-master-arm.yaml at 0571b91

	name: 'Build ARM images (Master)'

	on:
	push:
	branches:
	- master

	permissions: read-all
	concurrency:
	group: ci-arm-${{ github.head_ref \|\| github.ref }}-${{ github.repository }}
	cancel-in-progress: true
	jobs:
	build:
	name: ${{ matrix.base_image }}
	uses: ./.github/workflows/reusable-build-flavor.yaml
	secrets: inherit
	permissions:
	id-token: write # OIDC support
	contents: write
	security-events: write
	actions: read
	attestations: read
	checks: read
	deployments: read
	discussions: read
	issues: read
	packages: read
	pages: read
	pull-requests: read
	repository-projects: read
	statuses: read
	with:
	base_image: ${{ matrix.base_image }}
	variant: ${{ matrix.variant }}
	model: ${{ matrix.model }}
	arch: "arm64"
	event_type: ${{ github.event_name }}
	strategy:
	fail-fast: false
	matrix:
	variant: ["core"]
	model: ["generic", "rpi4", "rpi3"]
	base_image:
	- "ubuntu:24.04"
	- "alpine:3.19"
	build-nvidia-base:
	runs-on: fast
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Check if cache image is available
	id: cache
	run: \|
	if docker pull quay.io/kairos/cache:nvidia-base; then
	echo "cache_available=true" >> $GITHUB_OUTPUT
	else
	echo "cache_available=false" >> $GITHUB_OUTPUT
	fi
	- name: Get changed files
	id: changed-files
	uses: tj-actions/changed-files@v45
	with:
	files_yaml: \|
	nvidia:
	- 'images/Dockerfile.nvidia'
	- name: Release space from worker
	if: ${{ steps.cache.outputs.cache_available == 'false' \|\| steps.changed-files.outputs.nvidia_any_changed == 'true' }}
	run: \|
	echo "Listing top largest packages"
	pkgs=$(dpkg-query -Wf '${Installed-Size}\t${Package}\t${Status}\n' \| awk '$NF == "installed"{print $1 "\t" $2}' \| sort -nr)
	head -n 30 <<< "${pkgs}"
	echo
	df -h
	echo
	sudo apt-get remove -y '^llvm-.\|^libllvm.' \|\| true
	sudo apt-get remove --auto-remove android-sdk-platform-tools \|\| true
	sudo apt-get purge --auto-remove android-sdk-platform-tools \|\| true
	sudo rm -rf /usr/local/lib/android
	sudo apt-get remove -y '^dotnet-.\|^aspnetcore-.' \|\| true
	sudo rm -rf /usr/share/dotnet
	sudo apt-get remove -y '^mono-.*' \|\| true
	sudo apt-get remove -y '^ghc-.*' \|\| true
	sudo apt-get remove -y '.jdk.\|.jre.' \|\| true
	sudo apt-get remove -y 'php.*' \|\| true
	sudo apt-get remove -y hhvm \|\| true
	sudo apt-get remove -y powershell \|\| true
	sudo apt-get remove -y firefox \|\| true
	sudo apt-get remove -y monodoc-manual \|\| true
	sudo apt-get remove -y msbuild \|\| true
	sudo apt-get remove -y microsoft-edge-stable \|\| true
	sudo apt-get remove -y '^google-.*' \|\| true
	sudo apt-get remove -y azure-cli \|\| true
	sudo apt-get remove -y '^mongo.-.\|^postgresql-.\|^mysql-.\|^mssql-.*' \|\| true
	sudo apt-get remove -y '^gfortran-.*' \|\| true
	sudo apt-get remove -y '^gcc-*' \|\| true
	sudo apt-get remove -y '^g++-*' \|\| true
	sudo apt-get remove -y '^cpp-*' \|\| true
	sudo apt-get autoremove -y
	sudo apt-get clean
	echo
	echo "Listing top largest packages"
	pkgs=$(dpkg-query -Wf '${Installed-Size}\t${Package}\t${Status}\n' \| awk '$NF == "installed"{print $1 "\t" $2}' \| sort -nr)
	head -n 30 <<< "${pkgs}"
	echo
	sudo rm -rfv build \|\| true
	df -h
	- name: Set up Docker Buildx
	if: ${{ steps.cache.outputs.cache_available == 'false' \|\| steps.changed-files.outputs.nvidia_any_changed == 'true' && runner.environment == 'github-hosted' }}
	uses: docker/setup-buildx-action@master
	- name: Set up Docker Buildx for custom runners
	if: ${{ steps.cache.outputs.cache_available == 'false' \|\| steps.changed-files.outputs.nvidia_any_changed == 'true' && runner.environment == 'self-hosted' }}
	uses: docker/setup-buildx-action@master
	with:
	buildkitd-config-inline: \|
	[registry."docker.io"]
	mirrors = ["registry.docker-mirror.svc.cluster.local:5000"]
	[registry."registry.docker-mirror.svc.cluster.local:5000"]
	insecure = true
	http = true
	- name: Block all traffic to metadata ip # For cloud runners, the metadata ip can interact with our test machines
	if: ${{ steps.cache.outputs.cache_available == 'false' \|\| steps.changed-files.outputs.nvidia_any_changed == 'true' && runner.environment == 'self-hosted' }}
	run: \|
	sudo iptables -I INPUT -s 169.254.169.254 -j DROP
	sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP
	- name: Login to Quay Registry
	if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' && (steps.cache.outputs.cache_available == 'false' \|\| steps.changed-files.outputs.nvidia_any_changed == 'true') }}
	uses: docker/login-action@v3
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_PASSWORD }}
	- name: Build 🔧 & Push 🚀
	if: ${{ steps.cache.outputs.cache_available == 'false' \|\| steps.changed-files.outputs.nvidia_any_changed == 'true' }}
	uses: docker/build-push-action@v6
	with:
	context: images/
	file: images/Dockerfile.nvidia
	platforms: linux/arm64
	push: true
	tags: quay.io/kairos/cache:nvidia-base
	build-nvidia:
	name: ${{ matrix.base_image }}
	uses: ./.github/workflows/reusable-build-flavor.yaml
	secrets: inherit
	permissions:
	id-token: write # OIDC support
	contents: write
	security-events: write
	actions: read
	attestations: read
	checks: read
	deployments: read
	discussions: read
	issues: read
	packages: read
	pages: read
	pull-requests: read
	repository-projects: read
	statuses: read
	with:
	base_image: ${{ matrix.base_image }}
	variant: ${{ matrix.variant }}
	model: ${{ matrix.model }}
	arch: "arm64"
	event_type: ${{ github.event_name }}
	needs:
	- build-nvidia-base
	strategy:
	matrix:
	base_image: ["quay.io/kairos/cache:nvidia-base"]
	variant: ["core"]
	model: ["nvidia-jetson-agx-orin"]

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Push master images to quay (#3199) #99

Workflow file

Push master images to quay (#3199) #99

Jobs

Run details

Workflow file for this run